FindBugsHowto

How to use FindBugs with NetBeans sources

This document describes how FindBugs is used during the development of NetBeans.

Running FindBugs locally

For every NetBeans module, you can run the findbugs check by typing:

cd your.module
ant findbugs

This will produce the findbugs report file in

$basedir/build/findbugs/org-netbeans-modules-your-module.xml

and fails if at least one warning was discovered. No file is created if there is no problem in the tested module.
There is also a target in

nbbuild

to execute the test for all modules in a cluster at once:

ant -f nbbuild/build.xml findbugs-cluster

This produces the output files for each module with a problem in

nbbuild/build/findbugs/

directory.

Evaluating FindBugs warnings

The report containing FindBugs warnings can be viewed using the FindBugs UI. This tool can be downloaded from the FindBugs website: http://findbugs.sourceforge.net/. After installing FindBugs, you can run the tool using the

findbugs[.bat]

script in the {bin} directory. In the FindBugs UI, you may want to sort the issues by priority, by dragging the labels at the top left.

Suppressing warnings

In some cases, you may want to suppress a particular warning, rather than fix it. Always think twice about suppressing as FindBugs is usually right. If you really know it is false warning you can do the following:

Make sure your module uses the Common Annotations module (api.annotations.common).

Find the id of the warning you want to suppress. Open the FindBugs report in a text editor, and find the <BugInstance> element for your warning. The value of the {type} attribute of this element is your warning id.

Add the following annotation to the code (method, class, instance variable, local variable etc.) in which you want to suppress the warning:

Open issues

Some warnings appear in generated code, and addressing them requires more work - we need to change the code generator, which is not always straightforward. For example, schema2beans generates code that compares strings using {==}, which results in a FindBugs warning. It probably does not represent a real bug. How should we deal with such warnings?

Additional information

The SignatureTest also helps to maintain high quality of NetBeans code.